Make it work on 16k page size Arm kernel

CMakeLists.txt

@@ -0,0 +1,117 @@
+cmake_minimum_required(VERSION 3.12)
+
+if (COMPILER_TARGET)
+	set(CMAKE_C_COMPILER_TARGET "${COMPILER_TARGET}")
+	set(CMAKE_CXX_COMPILER_TARGET "${COMPILER_TARGET}")
+	set(CMAKE_ASM_COMPILER_TARGET "${COMPILER_TARGET}")
+endif()
+
+project(native_client C CXX ASM)
+
+set(CMAKE_RUNTIME_OUTPUT_DIRECTORY "${PROJECT_BINARY_DIR}")
+
+list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
+
+include(DaemonPlatform/Detection)
+include(NaClFlags)
+
+if (NOT CMAKE_BUILD_TYPE)
+	set(CMAKE_BUILD_TYPE RelWithDebInfo)
+endif()
+
+option(BUILD_NACL_LOADER "Build the sel_ldr program." ON)
+
+if (DAEMON_SYSTEM_Linux_COMPATIBILITY)
+	option(BUILD_NACL_HELPER_BOOTSTRAP "Build the nacl_helper_bootstrap program on platforms requiring it." ON)
+endif()
+
+# TODO(arbenson): remove this once binutils bug is fixed (see
+# src/trusted/service_runtime/arch/x86_64/sel_addrspace_posix_x86_64.c)
+if (BUILD_NACL_LOADER AND DAEMON_ARCH_amd64 AND NOT DAEMON_SYSTEM_Windows)
+	option(USE_AMD64_ZERO_BASED_SANDBOX "Allow the zero-based sandbox model to run insecurely." OFF)
+	list(APPEND INHERITED_OPTIONS "USE_AMD64_ZERO_BASED_SANDBOX")
+endif()
+
+if (BUILD_NACL_LOADER AND DAEMON_SYSTEM_Windows)
+	option(FORCE_NO_TRUSTED_BUILD "Prevent use of trusted toolchain." OFF)
+endif()
+
+if (BUILD_NACL_LOADER AND DAEMON_SYSTEM_Windows)
+	set(REQUIRE_MASM ON)
+endif()
+
+if (BUILD_NACL_LOADER AND DAEMON_SYSTEM_macOS)
+	set(REQUIRE_PYTHON ON)
+endif()
+
+if (BUILD_NACL_HELPER_BOOTSTRAP)
+	set(REQUIRE_PYTHON ON)
+endif()
+
+if (REQUIRE_PYTHON)
+	if (NOT PYTHON)
+		find_program(PYTHON NAMES "python3" DOC "Path to the python3 executable." REQUIRED)
+	endif()
+endif()
+
+if (REQUIRE_MASM)
+	if (DAEMON_CXX_COMPILER_MinGW AND NOT CMAKE_ASM_MASM_COMPILER)
+		include_directories("${CMAKE_CURRENT_SOURCE_DIR}/include-hax/fake_masm")
+
+		find_program(JWASM NAMES "jwasm" DOC "Path to the JWasm executable." REQUIRED)
+
+		set(CMAKE_ASM_MASM_COMPILER "${JWASM}")
+
+		if (DAEMON_ARCH_i686)
+			list(APPEND CMAKE_ASM_MASM_FLAGS "-coff")
+		elseif(DAEMON_ARCH_amd64)
+			list(APPEND CMAKE_ASM_MASM_FLAGS "-win64")
+		endif()
+	endif()
+
+	enable_language(ASM_MASM)
+endif()
+
+include_directories("include-hax")
+
+if (DAEMON_ARCH_i686)
+	set(VALIDATOR_ARCH_SUFFIX "_x86_32")
+elseif (DAEMON_ARCH_amd64)
+	set(VALIDATOR_ARCH_SUFFIX "_x86_64")
+elseif (DAEMON_ARCH_armhf OR DAEMON_ARCH_armel)
+	set(VALIDATOR_ARCH_SUFFIX "_arm")
+elseif (DAEMON_ARCH_mipsel)
+	set(VALIDATOR_ARCH_SUFFIX "_mips32")
+endif()
+
+if (BUILD_NACL_LOADER)
+	add_subdirectory(src/shared/gio)
+	add_subdirectory(src/shared/imc)
+	add_subdirectory(src/shared/platform)
+	add_subdirectory(src/trusted/cpu_features)
+	add_subdirectory(src/trusted/debug_stub)
+	add_subdirectory(src/trusted/desc)
+	add_subdirectory(src/trusted/fault_injection)
+	add_subdirectory(src/trusted/interval_multiset)
+	add_subdirectory(src/trusted/nacl_base)
+	add_subdirectory(src/trusted/perf_counter)
+	add_subdirectory(src/trusted/platform_qualify)
+	add_subdirectory(src/trusted/validator)
+
+	if (DAEMON_ARCH_i686 OR DAEMON_ARCH_amd64)
+		add_subdirectory(src/trusted/validator_x86)
+		add_subdirectory(src/trusted/validator_ragel)
+	elseif (DAEMON_ARCH_armhf OR DAEMON_ARCH_armel)
+		add_subdirectory(src/trusted/validator_arm)
+	elseif (DAEMON_ARCH_mipsel)
+		add_subdirectory(src/trusted/validator_mips)
+	endif()
+endif()
+
+if (BUILD_NACL_LOADER)
+	add_subdirectory(src/trusted/service_runtime)
+endif()
+
+if (BUILD_NACL_HELPER_BOOTSTRAP)
+	add_subdirectory(src/trusted/service_runtime/linux)
+endif()

SConstruct

@@ -2688,6 +2688,8 @@ def MakeGenericLinuxEnv(platform=None):
       LINK = '$CXX',
   )
 
+  linux_env.SetDefault(MAX_PAGE_SIZE='0x1000')
+
   # Prepend so we can disable warnings via Append
   linux_env.Prepend(
       CPPDEFINES = [['_POSIX_C_SOURCE', '199506'],
@@ -2710,6 +2712,7 @@ def MakeGenericLinuxEnv(platform=None):
         LINKFLAGS = ['-m64'] + sysroot_flags,
         )
   elif linux_env.Bit('build_arm'):
+    linux_env.Replace(MAX_PAGE_SIZE='0x10000')
     SetUpLinuxEnvArm(linux_env)
   elif linux_env.Bit('build_mips32'):
     SetUpLinuxEnvMips(linux_env)
@@ -2735,7 +2738,8 @@ def MakeGenericLinuxEnv(platform=None):
   linux_env.Prepend(SHLINKFLAGS=['$COMMON_LINKFLAGS'])
   linux_env.Prepend(COMMON_LINKFLAGS=['-Wl,-z,relro',
                                       '-Wl,-z,now',
-                                      '-Wl,-z,noexecstack'])
+                                      '-Wl,-z,noexecstack',
+                                      '-Wl,-z,max-page-size=${MAX_PAGE_SIZE}'])
   linux_env.Prepend(LINKFLAGS=['-pie'])
   # The ARM toolchain has a linker that doesn't handle the code its
   # compiler generates under -fPIE.

cmake/DaemonPlatform/Architecture.cmake

@@ -0,0 +1,105 @@
+# Daemon BSD Source Code
+# Copyright (c) 2022-2025, Daemon Developers
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#  * Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#  * Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#  * Neither the name of the <organization> nor the
+#    names of its contributors may be used to endorse or promote products
+#    derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+################################################################################
+# Architecture detection.
+################################################################################
+
+# When adding a new architecture, look at all the places DAEMON_ARCH is used.
+
+option(USE_ARCH_INTRINSICS "Enable custom code using intrinsics functions or asm declarations" ON)
+mark_as_advanced(USE_ARCH_INTRINSICS)
+
+function(daemon_detect_arch)
+	daemon_run_detection("" "ARCH" "Architecture.c" "")
+
+	set(DAEMON_ARCH_NAME "${arch_name}" PARENT_SCOPE)
+
+	message(STATUS "Detected target architecture: ${arch_name}")
+
+	add_definitions(-DDAEMON_ARCH_${arch_name})
+
+	set(nacl_arch "${arch_name}")
+	if (DAEMON_SYSTEM_Unix_COMPATIBILITY)
+		set(armhf_usage "arm64;armel")
+		if ("${arch_name}" IN_LIST armhf_usage)
+			# Load 32-bit armhf nexe on 64-bit arm64 engine on Linux with multiarch.
+			# The nexe is system agnostic so there should be no difference with armel.
+			set(nacl_arch "armhf")
+		endif()
+	elseif(DAEMON_SYSTEM_macOS)
+		if ("${arch_name}" STREQUAL "arm64")
+			# You can get emulated NaCl going like this:
+			# cp external_deps/macos-amd64-default_10/{nacl_loader,irt_core-amd64.nexe} build/
+			set(nacl_arch "amd64")
+		endif()
+	endif()
+
+	# The DAEMON_NACL_ARCH variable contributes to the nexe file name.
+	set(DAEMON_NACL_ARCH_NAME "${nacl_arch}" PARENT_SCOPE)
+endfunction()
+
+function(daemon_set_arch_intrinsics name)
+	message(STATUS "Enabling ${name} architecture intrinsics")
+	add_definitions(-DDAEMON_USE_ARCH_INTRINSICS_${name})
+endfunction()
+
+function(daemon_set_intrinsics)
+	if (USE_ARCH_INTRINSICS)
+		# Makes possible to do that in C++ code:
+		# > if defined(DAEMON_USE_ARCH_INTRINSICS)
+		add_definitions(-DDAEMON_USE_ARCH_INTRINSICS)
+
+		# Makes possible to do that in C++ code:
+		# > if defined(DAEMON_USE_ARCH_INTRINSICS_amd64)
+		# > if defined(DAEMON_USE_ARCH_INTRINSICS_i686)
+		daemon_set_arch_intrinsics("${DAEMON_ARCH_NAME}")
+
+		set(amd64_PARENT "i686")
+		set(arm64_PARENT "armhf")
+
+		if ("${DAEMON_ARCH_NAME}_PARENT")
+			daemon_set_arch_intrinsics("${${DAEMON_ARCH_NAME}_PARENT}")
+		endif()
+	else()
+		message(STATUS "Disabling ${DAEMON_ARCH_NAME} architecture intrinsics")
+	endif()
+endfunction()
+
+daemon_detect_arch()
+daemon_set_intrinsics()
+
+# Makes possible to do that in CMake code:
+# > if (DAEMON_ARCH_arm64)
+# > if (DAEMON_NACL_ARCH_armhf)
+set("DAEMON_ARCH_${DAEMON_ARCH_NAME}" ON)
+set("DAEMON_NACL_ARCH_${DAEMON_NACL_ARCH_NAME}" ON)
+
+if (DAEMON_SOURCE_GENERATOR)
+	# Add printable strings to the executable.
+	daemon_add_buildinfo("char*" "DAEMON_ARCH_STRING" "\"${DAEMON_ARCH_NAME}\"")
+	daemon_add_buildinfo("char*" "DAEMON_NACL_ARCH_STRING" "\"${DAEMON_NACL_ARCH_NAME}\"")
+endif()